Jörn Frenzel wrote:
> Dear all,
>
> we have a strange behavior using Samba (Verson 3.5.2) as PDC with Open
> LDAP (Version 2.1.22) as backend and an old Novell-Client (version: 4.91
> SP5) running on WinXP (SP3 and higher).
>
> The old PDC (Version 3.0.28) was running over years with the same
> LDAP-Server as backend and with Novell installed on the clients.
>
> We decided to migrate to Samba 3.5.2 , updated all the LDAP schemas
> according to Samba Version 3.5.2, setup an new 64Bit Ubuntu (10.4) and
> build the new Samba. Everything worked fine and the testclient (without
> Novell) could login without any trouble. But if i try to login on a
> Novell-Client (using nwgina.dll instead of msgina.dll), i'm forced to
> set a new password and this is what we don't want.
>
> Users LDAP-Values for "sambaPwdMustChange" are quite old, but the
> LDAP-Value "sambaMaxPwdAge" for the object "sambaDomain" itself is set
> to "-1". As far as i understand, this should ever cover the
> "old-passwords-problem" and in indeed msgina.dll does not claim about
> old pwds.
>
> But nwgina seems to act in a different way. As we noticed in the
> nwgina.log, it is first asking if username and password apply and then
> it is asking about the password age.
>
> We digged around in the code, looking for the point nwgina uses to ask
> about the password age. Unfortunately we found nothing.